{"id":918,"date":"2025-12-25T06:01:32","date_gmt":"2025-12-25T06:01:32","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=918"},"modified":"2025-12-25T06:01:36","modified_gmt":"2025-12-25T06:01:36","slug":"senior-cyber-security-risk-controls-analyst-infosec-grc","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/senior-cyber-security-risk-controls-analyst-infosec-grc\/","title":{"rendered":"Senior Cyber Security Risk &#038; Controls Analyst \u2013 INFOSEC GRC"},"content":{"rendered":"\n<p>This is a <strong>Senior-level, Remote<\/strong> position within the Information Security Governance, Risk, and Compliance (GRC) department. Compared to the mid-level role (Job 32036), this &#8220;Senior&#8221; version requires more years of experience and commands a higher salary. You will lead the execution of <strong>Risk and Control Self-Assessments (RCSAs)<\/strong> and manage high-level security exceptions, ensuring that the bank\u2019s technical operations align with its risk appetite and regulatory mandates.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Requisition ID:<\/strong> 31830<\/li>\n\n\n\n<li><strong>Base Pay:<\/strong> $120,000 \u2013 $180,000<\/li>\n\n\n\n<li><strong>Location:<\/strong> Remote (US)<\/li>\n\n\n\n<li><strong>Experience Required:<\/strong> 8 years with a degree (or 12 years with HS\/GED).<\/li>\n\n\n\n<li><strong>Core Frameworks:<\/strong> NIST CSF, NIST SP 800-53.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Responsibilities: Risk Leadership and Control Architecture<\/h2>\n\n\n\n<p>As a Senior Analyst, you are responsible for the accuracy of the bank&#8217;s risk landscape and the maturity of its control environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Strategic Risk Assessment (RCSA)<\/h3>\n\n\n\n<p>You will partner with senior business function owners to execute 
process-level <strong>RCSAs<\/strong>. This involves a deep-dive analysis into how a specific cybersecurity process (like Identity Management or Vulnerability Patching) could fail. You will determine the <strong>Inherent Risk<\/strong> (pre-control) and <strong>Residual Risk<\/strong> (post-control) ratings, documenting the evidence required to satisfy auditors and regulators.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Control Design and Rationalization<\/h3>\n\n\n\n<p>A critical part of this role is drafting and refining &#8220;control statements.&#8221; You will review existing controls for <strong>Design Effectiveness (DE)<\/strong>\u2014asking, &#8220;Is this control built correctly to stop the risk?&#8221;\u2014and <strong>Operating Effectiveness (OE)<\/strong>\u2014asking, &#8220;Is it actually working day-to-day?&#8221; You will also support &#8220;control rationalization,&#8221; which is the process of identifying and removing redundant or ineffective controls to streamline the security program.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security Exception Governance<\/h3>\n\n\n\n<p>When a business unit cannot meet a security standard, it requests an &#8220;exception.&#8221; You will perform the risk assessments for these exceptions, calculating the aggregate risk to the bank and recommending remediation plans or &#8220;target-state&#8221; enhancements to eventually close the security gap.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Required Qualifications and Skills<\/h2>\n\n\n\n<p>First Citizens Bank is looking for an experienced GRC professional who can translate technical security gaps into business risk language.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Experience:<\/strong> <strong>8+ years<\/strong> in cybersecurity or risk management.<\/li>\n\n\n\n<li><strong>Technical Frameworks:<\/strong> Advanced familiarity with <strong>NIST 800-53<\/strong> and <strong>NIST 
CSF<\/strong>.<\/li>\n\n\n\n<li><strong>Analytical Writing:<\/strong> Proven ability to write clear, actionable findings that can be presented to executive leadership or regulators.<\/li>\n\n\n\n<li><strong>Collaborative Influence:<\/strong> Experience working with technical IT teams to implement control improvements without disrupting business operations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Preferred Qualifications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Financial Services Context:<\/strong> Experience in a large, highly regulated financial institution.<\/li>\n\n\n\n<li><strong>Certifications:<\/strong> <strong>CRISC<\/strong> (Certified in Risk and Information Systems Control), <strong>CISA<\/strong>, or <strong>CISSP<\/strong>.<\/li>\n\n\n\n<li><strong>Tooling:<\/strong> Experience with GRC systems of record (e.g., Archer, ServiceNow GRC).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary of Role Impact<\/h2>\n\n\n\n<p>In the financial sector, &#8220;Risk&#8221; is the primary language of the business. As a Senior Cyber Risk &amp; Controls Analyst, you ensure that cybersecurity is not just a technical silo, but a quantified business function. Your work ensures that First Citizens Bank remains resilient against threats while satisfying strict banking regulations. By identifying control gaps and driving remediation, you directly prevent financial loss and protect the bank&#8217;s reputation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a Senior-level, Remote position within the Information Security Governance, Risk, and Compliance (GRC) department. Compared to the mid-level role (Job 32036), this &#8220;Senior&#8221; version requires more years of experience and commands a higher salary. 
You will lead the execution of Risk and Control Self-Assessments (RCSAs) and manage high-level security exceptions, ensuring that the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[43],"jobpost_job_type":[39],"jobpost_location":[1041],"jobpost_tag":[1505,4143,3388,23,1936,1231,1619,4142,81,4148],"class_list":["post-918","jobpost","type-jobpost","status-publish","hentry","jobpost_category-it","jobpost_job_type-remote","jobpost_location-united-states","jobpost_tag-cisa","jobpost_tag-control-testing","jobpost_tag-crisc","jobpost_tag-financial-services","jobpost_tag-grc","jobpost_tag-nist-800-53","jobpost_tag-nist-csf","jobpost_tag-rcsa","jobpost_tag-remote","jobpost_tag-senior-cyber-risk-analyst"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/918","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=918"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=918"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=918"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=918"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=918"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}